[sunburnt]

Q: What does it do with Simatic? A: It modifies commands sent from the Windows computer to the PLC. One running on the PLC, it looks for a specific factory environment. If this is not found, it does nothing.

So it seems that there is one factory layout Stuxnet is looking for. I.e. it will know what point 35 is.

[borism]

is it possible to determine which factory environment you're in? maybe it just tries the same combination in each and every one environment it gets to?

[uxp]

Considering the size of the file, (and the fact I have not examined StuxNet), I'd assume that there is a good chance it has enough logic to determine which factory it is in by pure brute force.

If the main fan control gives a fairly standard reading, it shouldn't be too difficult figuring out what the particular factory it has infiltrated has wired that point to, for example.

Also, I haven't heard any definitives on what kind of factory this is targeting. I do know that there aren't many companies that develop and design high tech industrial facilities. Despite StuxNet having infected thousands (millions) of personal PCs, it really is only looking for maybe a few dozen or so in the world that are of the right type. Combine that with a low number of factory designs, and it could very well have a pre-determined database of how its intended targets are wired.